Vulnerabilities > Openwrt

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-23	CVE-2019-12272	OS Command Injection vulnerability in Openwrt Luci In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. network low complexity openwrt CWE-78 critical	9.8
2018-11-28	CVE-2018-19630	Cross-site Scripting vulnerability in Openwrt Lede and Openwrt cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. network low complexity openwrt CWE-79	6.1
2018-06-19	CVE-2018-11116	Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. network low complexity openwrt CWE-732	8.8

Vulnerabilities > Openwrt {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Openwrt"}]}